Notes for November 12, 1999
- Greetings and Felicitations!
- Puzzle of the Day
- Challenge-response systems
- Computer issues challenge, user presents response to verify secret
information known/item possessed
- Example operations: f(x) = x+1, random,
string (for users without
computers), time of day, computer sends E(x),
you answer E(D(E(x))+1)
- Note: password never sent on wire or network
- Attack: monkey-in-the-middle
- Defense: mutual authentication (will discuss more sophisticated
network-based protocols later)
- Biometrics
- Depend on physical characteristics
- Examples: pattern of typing (remarkably effective), retinal scans,
etc.
- Location
- Bind user to some location detection device (human, GPS)
- Authenticate by location of the device
- User identification
- Go through UNIX idea of "real", "effective",
"saved", "audit"
- Go through notion of "role" accounts; cite Secure Xenix,
DG, etc.
- Go through PPNs (TOPS-10) and groups
- Review least privilege
- Notion of "privilege"
- Identity
- Functionality
- Granularity
- Privilege in OSes
- None (original IBM OS; protect with password, or anyone can read it)
- Fence, base and bounds registers; relocation
- Tagged architectures
- Memory management based schemes: segmentation, paging, and paged
segmentation
- Different forms of access control
- UNIX method
- ACLs: describe, revocation issue
- MULTICS rings: (b1, b2)
access bracket - can access freely;
(b2, b3)
call bracket - can call segment through gate; so (4, 6, 9) as example
Send email to
cs153@csif.cs.ucdavis.edu.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 11/13/99